Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security on Laptops

Status
Not open for further replies.
AeonNL

AeonNL

MIS
May 1, 2002
24
NL
Lo all,

I would like to secure the laptops that I am supporting. They are allready running on Win2k prof with NTFS. Some things I could do is use bios passwords, etc etc. But I would also like to secure the DATA on those systems. A Bios password can't do that. Windows 2000 encryption doesn't look very nice.

Im looking for something that won't cost too much performance. I heard about USB keys, iRDA (infrared) stuff etc. Does anyone have experience witht that kind of stuff? Will that work if someone steals a laptop, and puts the harddrive on a different system? (encryption)

Most of that software will overwrite the NT GINA dll with a custom version. Is that a problem? (are there other options?)

Thanks for any feedback.

Æ0N
 
Sort by date Sort by votes
My favorite is McAfee's PGP 7.0, to store various sensitive data (include a desktop SQL's database) encrypted. It's only a viable option if you're not trying to encrypt the entire hard drive, though.
-Steve
 
Upvote 0 Downvote
But if the laptop is stolen and the hard drive is removed... and now the hard drive is put in a different computer as a slave the boot check in the above link will not happen.

But if the drive is formated in NTFS5...
1. They can only hook it to a 2000 OS
2. You can set the File Security for certin users or groups
3. You can use the file encryption evn though you stated above that you do not care for it (sorry).

But no matter which way you choose you should...
Set one of you laptops up and then take out the hard drive and try and access the files with a different computer.

Good Luck
EddieJ300

 
Upvote 0 Downvote
If you are really concerned about the data, you have to encrypt it while on the drive.

Take a look at or I understand that this currently doesn't support 2k, but it can't be far behind.

In other words, I can access the drive with an OS that doesn't care what restrictions you placed on the data. And with network access, I can do this without any signs that it was done. Just scp the files that I want to another machine on the net, and then shut the laptop back down. That is where your BIOS password provides potential detection that something is amiss.

The problem is that once I have physical access, the best that you can do is slow me down and possibly detect that something bad has happened. Encryption is the only way to make it take more than a few minutes to get access to the data.

pansophic
 
Upvote 0 Downvote
On-the-fly encryption such as NTFS has serious limitations. Once you have physical access to the drive all you need to do to gain access to the data is gain access to the user name and password.

This may seem like a daunting task but depending on which windows OS you use NTACCESS can unlock that info.

I encrypted my entire volume with NTFS, removed the drive and placed it into another pc as slave and ran a demo version of NTACCESS against it. NTACCESS could see all of the file names and details for the test account clearly as windows explorer could.

No clue if the registered version could really gain access to the actual data of all users or not since this was a feature-limited demo (crippleware) version that I looked at.

But since the demo could see all resources for the test account that explorer could previously see this gives me concerns about the viability of using ntfs as a sole solution for protecting the data.

So I'm still looking for a software solution that will encrypt the entire volume and require a key (either typed, pasted in, or read from an external cd or floppy that I can hide or lock away) to protect anyone from gaining access to the data.

Also the software must be safe to use, not destroy the data during the process of encryption/decryption.

If you know of such a solution please let me know. In the meantime I will follow each of the other links already posted for more information.

Thanks!

Andre
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
697
Sameer258
Sameer258
abhi21
  • Locked
  • Question
Interesting article on Cyber Security
Replies
0
Views
116
abhi21
abhi21
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
162
PauS0n
PauS0n
gbayi_omo
  • Locked
  • Question
Cisco ASA 5505 not allowing access to highest security zone
Replies
0
Views
122
gbayi_omo
gbayi_omo
mcisar
  • Locked
  • Question
Disable CHAP on PPPoE WAN connection
Replies
0
Views
171
mcisar
mcisar

Part and Inventory Search

Sponsor

Back
Top